# Copyright 2019 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# NOTE: This file is auto generated by the elixir code generator program.
# Do not edit this file manually.

defmodule GoogleApi.BinaryAuthorization.V1.Model.Policy do
  @moduledoc """
  A policy for container image binary authorization.

  ## Attributes

  *   `admissionWhitelistPatterns` (*type:* `list(GoogleApi.BinaryAuthorization.V1.Model.AdmissionWhitelistPattern.t)`, *default:* `nil`) - Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.
  *   `clusterAdmissionRules` (*type:* `%{optional(String.t) => GoogleApi.BinaryAuthorization.V1.Model.AdmissionRule.t}`, *default:* `nil`) - Optional. A valid policy has only one of the following rule maps non-empty, i.e. only one of `cluster_admission_rules`, `kubernetes_namespace_admission_rules`, `kubernetes_service_account_admission_rules`, or `istio_service_identity_admission_rules` can be non-empty. Per-cluster admission rules. Cluster spec format: `location.clusterId`. There can be at most one admission rule per cluster spec. A `location` is either a compute zone (e.g. us-central1-a) or a region (e.g. us-central1). For `clusterId` syntax restrictions see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
  *   `defaultAdmissionRule` (*type:* `GoogleApi.BinaryAuthorization.V1.Model.AdmissionRule.t`, *default:* `nil`) - Required. Default admission rule for a cluster without a per-cluster, per- kubernetes-service-account, or per-istio-service-identity admission rule.
  *   `description` (*type:* `String.t`, *default:* `nil`) - Optional. A descriptive comment.
  *   `etag` (*type:* `String.t`, *default:* `nil`) - Optional. A checksum, returned by the server, that can be sent on update requests to ensure the policy has an up-to-date value before attempting to update it. See https://google.aip.dev/154.
  *   `globalPolicyEvaluationMode` (*type:* `String.t`, *default:* `nil`) - Optional. Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy. This setting has no effect when specified inside a global admission policy.
  *   `istioServiceIdentityAdmissionRules` (*type:* `%{optional(String.t) => GoogleApi.BinaryAuthorization.V1.Model.AdmissionRule.t}`, *default:* `nil`) - Optional. Per-istio-service-identity admission rules. Istio service identity spec format: `spiffe:///ns//sa/` or `/ns//sa/` e.g. `spiffe://example.com/ns/test-ns/sa/default`
  *   `kubernetesNamespaceAdmissionRules` (*type:* `%{optional(String.t) => GoogleApi.BinaryAuthorization.V1.Model.AdmissionRule.t}`, *default:* `nil`) - Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: `[a-z.-]+`, e.g. `some-namespace`
  *   `kubernetesServiceAccountAdmissionRules` (*type:* `%{optional(String.t) => GoogleApi.BinaryAuthorization.V1.Model.AdmissionRule.t}`, *default:* `nil`) - Optional. Per-kubernetes-service-account admission rules. Service account spec format: `namespace:serviceaccount`. e.g. `test-ns:default`
  *   `name` (*type:* `String.t`, *default:* `nil`) - Output only. The resource name, in the format `projects/*/policy`. There is at most one policy per project.
  *   `updateTime` (*type:* `DateTime.t`, *default:* `nil`) - Output only. Time when the policy was last updated.
  """

  use GoogleApi.Gax.ModelBase

  @type t :: %__MODULE__{
          :admissionWhitelistPatterns =>
            list(GoogleApi.BinaryAuthorization.V1.Model.AdmissionWhitelistPattern.t()) | nil,
          :clusterAdmissionRules =>
            %{optional(String.t()) => GoogleApi.BinaryAuthorization.V1.Model.AdmissionRule.t()}
            | nil,
          :defaultAdmissionRule => GoogleApi.BinaryAuthorization.V1.Model.AdmissionRule.t() | nil,
          :description => String.t() | nil,
          :etag => String.t() | nil,
          :globalPolicyEvaluationMode => String.t() | nil,
          :istioServiceIdentityAdmissionRules =>
            %{optional(String.t()) => GoogleApi.BinaryAuthorization.V1.Model.AdmissionRule.t()}
            | nil,
          :kubernetesNamespaceAdmissionRules =>
            %{optional(String.t()) => GoogleApi.BinaryAuthorization.V1.Model.AdmissionRule.t()}
            | nil,
          :kubernetesServiceAccountAdmissionRules =>
            %{optional(String.t()) => GoogleApi.BinaryAuthorization.V1.Model.AdmissionRule.t()}
            | nil,
          :name => String.t() | nil,
          :updateTime => DateTime.t() | nil
        }

  field(:admissionWhitelistPatterns,
    as: GoogleApi.BinaryAuthorization.V1.Model.AdmissionWhitelistPattern,
    type: :list
  )

  field(:clusterAdmissionRules,
    as: GoogleApi.BinaryAuthorization.V1.Model.AdmissionRule,
    type: :map
  )

  field(:defaultAdmissionRule, as: GoogleApi.BinaryAuthorization.V1.Model.AdmissionRule)
  field(:description)
  field(:etag)
  field(:globalPolicyEvaluationMode)

  field(:istioServiceIdentityAdmissionRules,
    as: GoogleApi.BinaryAuthorization.V1.Model.AdmissionRule,
    type: :map
  )

  field(:kubernetesNamespaceAdmissionRules,
    as: GoogleApi.BinaryAuthorization.V1.Model.AdmissionRule,
    type: :map
  )

  field(:kubernetesServiceAccountAdmissionRules,
    as: GoogleApi.BinaryAuthorization.V1.Model.AdmissionRule,
    type: :map
  )

  field(:name)
  field(:updateTime, as: DateTime)
end

defimpl Poison.Decoder, for: GoogleApi.BinaryAuthorization.V1.Model.Policy do
  def decode(value, options) do
    GoogleApi.BinaryAuthorization.V1.Model.Policy.decode(value, options)
  end
end

defimpl Poison.Encoder, for: GoogleApi.BinaryAuthorization.V1.Model.Policy do
  def encode(value, options) do
    GoogleApi.Gax.ModelBase.encode(value, options)
  end
end
